The French application BeReal, which caused a sensation among (very) young people with its concept of “authentic” photos, finds itself in turmoil. Following its acquisition by mobile game publisher Voodoo this summer, the application is the subject of a complaint for non-compliance with the GDPR concerning its consent practices for advertising tracking. A situation which could have significant repercussions, knowing that violations of the GDPR can be penalized up to 4% of global annual turnover.
A controversial consent strategy
The privacy protection NGO noyb points out what she describes as a dark pattern, a manipulation technique aimed at making users give in. Since July 2024, BeReal has offered a consent banner which appears to offer a fair choice between accepting or refusing advertising tracking. But the reality is more devious: if the user accepts, the banner disappears permanently. On the other hand, if he refuses, it reappears daily when a post is published.
Lisa Steinfeld, lawyer at noyb, says:
BeReal’s harassment tactics are particularly absurd. When first confronted with the consent banner, users get the impression that the app actually respects their choice, only to discover that BeReal simply won’t accept an opt-out.
European regulators called to intervene
The complaint was filed with the CNIL, the French data protection regulator. noyb relies in particular on the directives of the European Data Protection Board (EDPS) of 2022, which warn against these “continuous solicitation” practices. According to these guidelines, users eventually give in “out of weariness of having to refuse the request each time they use the platform.”
As a reminder, BeReal has more than 23 million daily users worldwide. Its original concept – taking a spontaneous photo with the smartphone’s two sensors within 2 minutes of notification – had also inspired similar features at Instagram, TikTok and Snapchat. An influence which makes the question of respect for the privacy and confidentiality of users all the more important.
This case is reminiscent of the debates around advertising tracking on iOS, where Apple has implemented App Tracking Transparency to give users more control over their data. It will be interesting to see how the CNIL will position itself in the face of these practices which seem to go against the fundamental principles of the GDPR.
